<?php
/******************************
 * EQdkp
 * Copyright 2002-2003
 * Licensed under the GNU GPL.  See COPYING for full terms.
 * ------------------
 * addnews.php
 * Began: Wed December 25 2002
 * 
 * $Id: addnews.php 541 2008-05-20 06:56:16Z rspeicher $
 * 
 ******************************/
 
define('EQDKP_INC', true);
define('IN_ADMIN', true);
$eqdkp_root_path = './../';
include_once($eqdkp_root_path . 'common.php');

$fv = new Form_Validate;

// Obtain var settings
$news_id = ( !empty($_REQUEST[URI_NEWS]) ) ? intval($_REQUEST[URI_NEWS]) : '';
$confirm = ( !empty($_POST['confirm']) ) ? true : false;

// Start session management
$user->start();
$user->setup();

// Delete confirmation
// If they didn't confirm, redirect them to the last page they were on
if ( isset($_POST['cancel']) )
{
    if ( $news_id )
    {
        $redirect = 'addnews.php'.$SID.'&' . URI_NEWS . '='.$news_id;
    }
    else
    {
        $redirect = 'addnews.php'.$SID;
    }
    
    redirect($redirect);
}

// Figure out what submit button was pressed
$add    = ( isset($_POST['add']) ) ? true : false;
$update = ( isset($_POST['update']) ) ? true : false;
$delete = ( isset($_POST['delete']) ) ? true : false;

// Figure out action based on submit
if ( $add )
{
    $user->check_auth('a_news_add');
    $action = 'add';
}
elseif ( $update )
{
    $user->check_auth('a_news_upd');
    $action = 'update';
}
elseif ( ($delete) || ($confirm) )
{
    $user->check_auth('a_news_del');
    $action = 'delete';
}
else
{
    $user->check_auth('a_news_');
    $action = 'display';
}

//
// Error Checking and variable initialization
//
if ( ($add) || ($update) || ($delete) )
{
    $_POST = htmlspecialchars_array($_POST);
    
    $news_added_by = $user->data['username'];
    $news_updated_by = $user->data['username'];
    
    $fv->is_filled(array(
        'news_headline' => $user->lang['fv_required_headline'],
        'news_message' => $user->lang['fv_required_message'])
    );
    
    // If there's errors, negate the whole thing since we'll need to re-display the form
    if ( $fv->is_error() )
    {
        $action = 'display';
    }
}

//
// Get relevant data
//
if ( $news_id )
{
    $sql = 'SELECT news_headline, news_message
            FROM ' . NEWS_TABLE . "
            WHERE news_id='".$news_id."'";
    $result = $db->query($sql);
    if ( !$row = $db->fetch_record($result) )
    {
        message_die($user->lang['error_invalid_news_provided']);
    }
    $db->free_result($result);
    
    $current_time = time();
    $news = array(
        'news_headline' => post_or_db('news_headline', true, $row),
        'news_message' => post_or_db('news_message', true, $row)
    );
}
else
{
    $current_time = time();
    $news = array(
        'news_headline' => post_or_db('news_headline', false),
        'news_message' => post_or_db('news_message', false)
    );
}

//
// Processing
//
switch ( $action )
{
    //
    // Add
    //
    case 'add':
        $news_headline = htmlspecialchars($_POST['news_headline']);
        $news_message = htmlspecialchars($_POST['news_message']);
        
        $sql = 'INSERT INTO ' . NEWS_TABLE . "
                (news_id, news_headline, news_message, news_date, user_id)
                VALUES ('NULL','".$news_headline."','".$news_message."','".$current_time."','".$user->data['user_id']."')";
        $db->query($sql);
        
        $this_news_id = $db->insert_id();
        
        // Logging
        $log_action = array(
            'header' => '{L_ACTION_NEWS_ADDED}',
            'id' => $this_news_id,
            '{L_HEADLINE}' => $news_headline,
            '{L_MESSAGE_BODY}' => nl2br($news_message),
            '{L_ADDED_BY}' => $news_added_by);
        $eqdkp->log_insert(array(
            'log_type' => $log_action['header'],
            'log_action' => $eqdkp->make_log_action($log_action),
            'log_ipaddress' => $user->ip,
            'log_sid' => $user->session_id,
            'log_result' => '{L_SUCCESS}',
            'admin_id' => $user->data['user_id'])
        );
        
        $success_message = $user->lang['admin_add_news_success'];
        $link_list = generate_admin_success_links(array(
            $user->lang['add_news'] => 'addnews.php'.$SID,
            $user->lang['list_news'] => 'listnews.php'.$SID)
        );
        
        message_die(stripslashes($success_message) . '<br /><br />' . $link_list);
        
        break;
    //
    // Update
    //
    case 'update':
        $news_headline = htmlspecialchars($_POST['news_headline']);
        $news_message = htmlspecialchars($_POST['news_message']);
        
        // Get the 'old' data so we can see what's changed
        $sql = 'SELECT news_headline, news_message
                FROM ' . NEWS_TABLE . "
                WHERE news_id='".$news_id."'";
        $result = $db->query($sql);
        while ( $row = $db->fetch_record($result) )
        {
            $old_news = array(
                'news_headline' => addslashes($row['news_headline']),
                'news_message' => addslashes($row['news_message'])
            );
        }
        $db->free_result($result);
        
        $sql = 'UPDATE ' . NEWS_TABLE . "
                SET news_headline='".$news_headline."', news_message='".$news_message."', news_date='".$current_time."'
                WHERE news_id='".$news_id."'";
        $db->query($sql);
        
        // Logging
        $log_action = array(
            'header' => '{L_ACTION_NEWS_UPDATED}',
            'id' => $news_id,
            '{L_HEADLINE_BEFORE}' => $old_news['news_headline'],
            '{L_MESSAGE_BEFORE}' => nl2br($old_news['news_message']),
            '{L_HEADLINE_AFTER}' => find_difference($old_news['news_headline'], $news_headline),
            '{L_MESSAGE_AFTER}' => nl2br($news_message),
            '{L_UPDATED_BY}' => $news_updated_by);
        $eqdkp->log_insert(array(
            'log_type' => $log_action['header'],
            'log_action' => $eqdkp->make_log_action($log_action),
            'log_ipaddress' => $user->ip,
            'log_sid' => $user->session_id,
            'log_result' => '{L_SUCCESS}',
            'admin_id' => $user->data['user_id'])
        );
        
        $success_message = $user->lang['admin_update_news_success'];
        $link_list = generate_admin_success_links(array(
            $user->lang['add_news'] => 'addnews.php'.$SID,
            $user->lang['list_news'] => 'listnews.php'.$SID)
        );
        
        message_die(stripslashes($success_message) . '<br /><br />' . $link_list);
        
        break;
    //
    // Delete
    //
    case 'delete':
        if ( !$confirm )
        {
            confirm_delete($user->lang['confirm_delete_news'], URI_NEWS, $news_id, 'addnews.php'.$SID);
        }
        else
        {
            // Get the 'old' data so we can see what's changed
            $sql = 'SELECT news_headline, news_message
                    FROM ' . NEWS_TABLE . "
                    WHERE news_id='".$news_id."'";
            $result = $db->query($sql);
            while ( $row = $db->fetch_record($result) )
            {
                $old_news = array(
                    'news_headline' => addslashes($row['news_headline']),
                    'news_message' => addslashes($row['news_message'])
                );
            }
            $db->free_result($result);
            
            $sql = 'DELETE FROM ' . NEWS_TABLE . "
                    WHERE news_id='".$news_id."'";
            $db->query($sql);
            
            // Logging
            $log_action = array(
                'header' => '{L_ACTION_NEWS_DELETED}',
                'id' => $news_id,
                '{L_HEADLINE}' => $old_news['news_headline'],
                '{L_MESSAGE_BODY}' => nl2br($old_news['news_message']));
            $eqdkp->log_insert(array(
                'log_type' => $log_action['header'],
                'log_action' => $eqdkp->make_log_action($log_action),
                'log_ipaddress' => $user->ip,
                'log_sid' => $user->session_id,
                'log_result' => '{L_SUCCESS}',
                'admin_id' => $user->data['user_id'])
            );
            
            $success_message = $user->lang['admin_delete_news_success'];
            $link_list = generate_admin_success_links(array(
                $user->lang['add_news'] => 'addnews.php'.$SID,
                $user->lang['list_news'] => 'listnews.php'.$SID)
            );
            
            message_die(stripslashes($success_message) . '<br /><br />' . $link_list);
            
        } // confirmed
        break;
    //
    // Display form
    //
    case 'display':
        $tpl->assign_vars(array(
            'F_ADD_NEWS' => 'addnews.php'.$SID,
            'NEWS_ID' => $news_id,
            
            'HEADLINE' => $news['news_headline'],
            'MESSAGE' => $news['news_message'],
            
            'L_HEADLINE' => $user->lang['headline'],
            'L_MESSAGE_BODY' => $user->lang['message_body'],
            'L_ADD_NEWS' => $user->lang['add_news'],
            'L_RESET' => $user->lang['reset'],
            'L_UPDATE_NEWS' => $user->lang['update_news'],
            'L_DELETE_NEWS' => $user->lang['delete_news'],
            
            'L_B_HELP' => $user->lang['b_help'],
            'L_I_HELP' => $user->lang['i_help'],
            'L_U_HELP' => $user->lang['u_help'],
            'L_Q_HELP' => $user->lang['q_help'],
            'L_C_HELP' => $user->lang['c_help'],
            'L_P_HELP' => $user->lang['p_help'],
            'L_W_HELP' => $user->lang['w_help'],
            
            'FV_HEADLINE' => $fv->generate_error('news_headline'),
            'FV_MESSAGE' => $fv->generate_error('news_message'),
            
            'MSG_HEADLINE_EMPTY' => $user->lang['fv_required_headline'],
            'MSG_MESSAGE_EMPTY' => $user->lang['fv_required_message'],
            
            'S_ADD' => ( !$news_id ) ? true : false)
        );
        
        $page_title = sprintf($user->lang['admin_title_prefix'], $eqdkp->config['guildtag'], $eqdkp->config['dkp_name']).': '.$user->lang['addnews_title'];
        include_once($eqdkp_root_path . 'includes/page_header.php');
        
        $tpl->set_filenames(array(
            'body' => 'admin/addnews.html')
        );
        
        include_once($eqdkp_root_path . 'includes/page_tail.php');
        break;
} // Processing
?>